Typosquatting Is Quickly Rising, How To Protect Yourself

July 10, 2019

Have you ever opened your web browser, typed in a website URL, and when the page came up, you were not at the website that you thought you were going to land on? In most cases, a simple check of the URL that you typed will reveal that you have a typo and accidentally hit the wrong letter when entering the URL. For example, instead of typing in www.netflix.com, you type in www.netflxi.com by accidentally typing the “X” before the “I” at the end of the domain name. Well, if you are like most people, then something like this has definitely happened to you before. But the strange thing that you may not have even thought about is that there is a very good chance that a website was running on that mistyped domain.

Now, at first glance you might think that it just happens to be that another company had a very similar domain name and that is why you ended up at that site. Unfortunately, the fact is that someone actually purchased that mistyped domain name specifically hoping that you would accidentally end up there because you indeed made a typo. In fact, these mistyped domains have become so popular there is actually a term for them: Typosquatting.

The term typosquatting simply means that a domain has been purchased that is in some way similar to another legitimate domain. So, like the Netflix example above, someone looks at the domain name and tries to figure out all the ways in which someone might accidentally make a mistake while typing it in the address bar. Then he purchases all of those mistyped domains.

But why would someone do something like this, you ask? Well, it turns out that there are actually a few different reasons. First, a pretty common one is purely from a marketing standpoint. Let’s say for example that I run a company that provides vacation packages for purchase online and I want to try to get as many people as possible to come to my website. One option I might try is to purchase mistyped domain names of all of the major airlines. This way, every time a person looks to book a flight and accidentally mistypes the URL for the desired airline, he would instead end up at my site where I might capture his attention with an amazing vacation package.

While I like to pretend that I am extremely creative and came up with this scenario on my own, in reality this exact thing happened to me. I was trying to book a flight and accidentally ended up at a site selling vacation packages. While I ultimately did not buy from them, I did find it to be a pretty smart business tactic.

Another reason someone will purchase a similar domain is to trick the visitor into filling out surveys. This may sound odd, but online surveys are big business. While not illegal, the tactics used by some of these companies are definitely deceptive. For example, let’s say you are attempting to go to Facebook.com, but mistype one of the characters. Instead of ending up at Facebook, you end up at a website that has the same look and feel, only now the landing page says something about needing to complete this survey before you can continue. While it does not specifically say the site is part of Facebook, the average person may simply assume he is on Facebook’s page and needs to complete this survey before logging in.

While the first two typosquatting styles can be found throughout thousands of domains, unfortunately the real problem comes from the malicious attacks. You see, criminals have realized that the hardest part about attacking people is getting them to come to the hackers’ malicious websites. There is a reason that phishing attacks are so popular; criminals are sending out millions of emails in the hopes the victims will click on the links. Well, with typosquatting, the criminals take a more passive role: millions of domain names have been purchased that are literally nothing more than legitimate domains, but with typos in them.

Now, instead of sending emails trying to get people to click the links, they simply sit back and wait for people to accidentally stumble upon their malicious sites each time they make a typo while trying to access a legitimate organization.

Of course, even these types of attacks can range drastically. In some cases, the criminal will make the site look exactly like the legitimate site. For example, if you were attempting to go to a bank or credit union website and accidentally ended up at a fake site due to a typo, then when you enter your login credentials, the criminal will be able to record everything and you would never know what happened. In other cases, the malicious site may attempt to send you a file or simply exploit a vulnerability in your web browser, giving the hacker full access to your computer in a matter of seconds without you ever knowing how it happened, or even that it happened. What’s worse is that due to what are known as zero-day exploits, even if you are up to date on the very latest patches and have the best antivirus running on your computer, you could still be vulnerable to these types of attacks.

A perfect example of this is a vulnerability discovered in Google Chrome in March of 2019. This vulnerability was actively being exploited by hackers and there was no patch available at the time. These types of vulnerabilities are known as zero-day, which means they are being actively exploited by criminals and there is nothing you can do to stop them.

So, what can you do to protect yourself? Well, that’s the real problem. Obviously if you end up at a website that is selling something other than what you expected, you should check and make sure you are truly at the correct domain. In addition, if the site you visit is now asking you to fill out a survey or give up other personal information, stop and make sure you are where you think you are.

When it comes to malicious websites, it gets far more difficult. In the old days, I would have told you to look for HTTPS:// at the beginning of the URL, but that no longer means much of anything. So now, the best advice I can give is to double check the domain name that you type in before you hit enter. I know this is kind of a cop-out, but seriously, if you mistype the domain and end up at a malicious site, it takes just seconds for malware to be installed on your computer. In many cases you will never know it happened until potentially later, when the criminal either demands a ransom or uses your computer to gain access to far more valuable corporate data.

Now, all that said, if you do visit a site and realize after the fact that you did mistype the domain name, stop. Don’t just close your web browser and forget about it. Instead, pick up the phone and notify someone in your IT department. Someone there can then investigate and find out if the site you visited is truly malicious, and more importantly what risk your computer may have encountered. Remember, oftentimes the initial attack on a computer is only the beginning. So when in doubt, always err on the side of caution and get things checked out rather than just moving on and assuming that everything will be just fine.

Stickley on Security
Published July 10, 2019